From 0ba49ba63e81bf2f4b68f83c035bf0bef37bb3be Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Thu, 7 Dec 2017 18:20:06 +0100 Subject: [dozmod] reworked permission system from "click and you get error" to "button is disabled due to lack of permission" + in log as there is no button, the links to the user/target are disabled (not clickable). --- modules-available/dozmod/inc/pagedozmodlog.inc.php | 11 +++++++++-- modules-available/dozmod/inc/pagedozmodusers.inc.php | 5 ----- modules-available/dozmod/inc/pagemailtemplates.inc.php | 8 ++------ modules-available/dozmod/page.inc.php | 18 ++++-------------- modules-available/dozmod/permissions/permissions.json | 4 +++- modules-available/dozmod/templates/actionlog-log.html | 4 ++-- modules-available/dozmod/templates/images-delete.html | 2 +- modules-available/dozmod/templates/mailconfig.html | 4 ++-- modules-available/dozmod/templates/orglist.html | 14 +++++++++++++- modules-available/dozmod/templates/runtimeconfig.html | 2 +- modules-available/dozmod/templates/templates.html | 4 ++-- 11 files changed, 39 insertions(+), 37 deletions(-) diff --git a/modules-available/dozmod/inc/pagedozmodlog.inc.php b/modules-available/dozmod/inc/pagedozmodlog.inc.php index f31edf5b..957abd2f 100644 --- a/modules-available/dozmod/inc/pagedozmodlog.inc.php +++ b/modules-available/dozmod/inc/pagedozmodlog.inc.php @@ -29,9 +29,13 @@ class Page_dozmod_log extends Page . " LEFT JOIN sat.lecture l ON (l.lectureid = targetid)" . " ORDER BY al.dateline DESC LIMIT 500", array(), true, true); } elseif ($this->action === 'showuser') { - $this->listUser(); + if (User::hasPermission("log.showuser")) { + $this->listUser(); + } } else { - $this->listTarget(); + if (User::hasPermission("log.showtarget")) { + $this->listTarget(); + } } } 
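Review bot: The new checks around `$this->listUser()` and `$this->listTarget()` have no denied branch, so a `showuser` or `showtarget` request without the permission ends with no message at all. A link that is not rendered is only a hint: a bookmarked or hand-typed URL still reaches this code, and neither the user nor anyone reading the logs can tell a refusal from an empty result. I would keep the server-side answer explicit, e.g. `} else { Message::addError('main.no-permission'); }`, the message id the removed branches in this commit already used. The same applies to the `-15,16` hunk in pagemailtemplates.inc.php and the `-52,16` and `-70,9` hunks in page.inc.php, which delete the existing denied branches together with the `Util::redirect(...)` that followed a refused POST. The enclosing method starts and ends outside this hunk.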
@@ -150,6 +154,9 @@ class Page_dozmod_log extends Page if ($showTarget) { $data['showTarget'] = true; } + + $data['allowedShowUser'] = User::hasPermission("log.showuser"); + $data['allowedShowTarget'] = User::hasPermission("log.showtarget"); Render::addTemplate('actionlog-log', $data); } diff --git a/modules-available/dozmod/inc/pagedozmodusers.inc.php b/modules-available/dozmod/inc/pagedozmodusers.inc.php index 621f7d34..f4ac852b 100644 --- a/modules-available/dozmod/inc/pagedozmodusers.inc.php +++ b/modules-available/dozmod/inc/pagedozmodusers.inc.php @@ -22,15 +22,10 @@ class Page_dozmod_users extends Page if ($action === 'setmail' || $action === 'setsu' || $action == 'setlogin') { if (User::hasPermission("users.".$action)) { $this->setUserOption($action); - } else { - die("No permission."); } - } elseif ($action === 'setorglogin') { if (User::hasPermission("users.orglogin")) { $this->setOrgOption($action); - } else { - die("No permission."); } } else { die('No such action'); diff --git a/modules-available/dozmod/inc/pagemailtemplates.inc.php b/modules-available/dozmod/inc/pagemailtemplates.inc.php index 90734a50..b7b5a8d4 100644 --- a/modules-available/dozmod/inc/pagemailtemplates.inc.php +++ b/modules-available/dozmod/inc/pagemailtemplates.inc.php @@ -15,16 +15,10 @@ class Page_mail_templates extends Page } elseif ($action === 'save') { if (User::hasPermission("templates.save")) { $this->handleSave(); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=dozmod§ion=templates'); } } elseif ($action === 'reset') { if(User::hasPermission("templates.reset")) { $this->handleReset(); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=dozmod§ion=templates'); } } else { Message::addError('main.invalid-action', $action); 
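Review bot: With `die("No permission.")` removed from both branches in pagedozmodusers.inc.php, a refused `setmail`/`setsu`/`setlogin`/`setorglogin` call no longer stops with an answer but falls through to whatever follows the if-chain, which is outside this hunk. The `seto` handler in orglist.html treats any body other than `'1'` or `'0'` as a failure, so the UI copes, but a denial can no longer be told apart from a server error in the response or in the access log. I would keep the branch and give it a status: `} else { http_response_code(403); die('No permission'); }`. The `-231,14` hunk in page.inc.php drops the same branches for the `mail` and `delimages` AJAX actions.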
@@ -70,6 +64,8 @@ class Page_mail_templates extends Page protected function doRender() { $this->enrichHtml(); + $this->templates['allowedReset'] = User::hasPermission("templates.reset"); + $this->templates['allowedSave'] = User::hasPermission("templates.save"); Render::addTemplate('templates', ['templates' => $this->templates]); } diff --git a/modules-available/dozmod/page.inc.php b/modules-available/dozmod/page.inc.php index ffb38663..7a5ddf23 100644 --- a/modules-available/dozmod/page.inc.php +++ b/modules-available/dozmod/page.inc.php @@ -52,16 +52,10 @@ class Page_DozMod extends Page if ($action === 'mail') { if (User::hasPermission("mail.save")) { $this->mailHandler(); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=dozmod§ion=mailconfig'); } } elseif ($action === 'runtime') { if (User::hasPermission("runtimeconfig.save")) { $this->runtimeHandler(); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=dozmod§ion=runtimeconfig'); } } elseif ($action === 'delimages') { if (User::hasPermission("images.delete")) { @@ -70,9 +64,6 @@ class Page_DozMod extends Page Message::addInfo('delete-images', $result); } Util::redirect('?do=DozMod'); - } else { - Message::addError('main.no-permission'); - Util::redirect('?do=dozmod'); } } elseif ($action !== false) { Util::traceError('Invalid action: ' . $action); @@ -102,7 +93,7 @@ class Page_DozMod extends Page if (empty($expiredImages)) { Message::addSuccess('no-expired-images'); } else { - Render::addTemplate('images-delete', array('images' => $expiredImages)); + Render::addTemplate('images-delete', array('images' => $expiredImages, 'allowedDelete' => User::hasPermission("images.delete"))); } } if ($section === 'mailconfig') { 
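Review bot: In `doRender()` of pagemailtemplates.inc.php, `allowedReset` and `allowedSave` are written into `$this->templates`, the same array that is passed as the `templates` value and, judging by the `{{/templates}}` line in templates.html, rendered as a section. If that property is a list, adding string keys stops it being one, and Mustache-style renderers then render the section once as a context instead of looping over it. The flags also stay on the property for any later code that reads it. The shape of `$this->templates` is not visible here, so this needs confirming. Passing the flags next to the list avoids both: `Render::addTemplate('templates', ['templates' => $this->templates, 'allowedReset' => User::hasPermission('templates.reset'), 'allowedSave' => User::hasPermission('templates.save')]);`.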
@@ -114,6 +105,8 @@ class Page_DozMod extends Page $mailConf['set_' . $mailConf['ssl']] = 'selected="selected"'; } } + $mailConf['allowedSave'] = User::hasPermission('mail.save'); + $mailConf['allowedTest'] = User::hasPermission('mail.testmail'); Render::addTemplate('mailconfig', $mailConf); } if ($section === 'runtimeconfig') { @@ -146,6 +139,7 @@ class Page_DozMod extends Page $runtimeConf['allowLoginByDefault'] = 'checked'; } } + $runtimeConf['allowedSave'] = User::hasPermission("runtimeconfig.save"); Render::addTemplate('runtimeconfig', $runtimeConf); } if ($section === 'blockstats') { @@ -231,14 +225,10 @@ class Page_DozMod extends Page if ($action === 'mail') { if (User::hasPermission("mail.testmail")) { $this->handleTestMail(); - } else { - die('No permission'); } } elseif ($action === 'delimages') { if (User::hasPermission("images.delete")) { die($this->handleDeleteImages()); - } else { - die('No permission'); } } elseif ($action === 'getblockinfo') { $this->ajaxGetBlockInfo(); diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json index 8295d0f0..294bd774 100644 --- a/modules-available/dozmod/permissions/permissions.json +++ b/modules-available/dozmod/permissions/permissions.json @@ -8,5 +8,7 @@ "users.setmail": "Enable/Disable Email Notification", "users.setlogin": "Enable/Disable Login", "users.setsu": "Set User to superuser", - "users.orglogin": "Enalbe/Disable Login for Users from certain organisations." + "users.orglogin": "Enalbe/Disable Login for Users from certain organisations.", + "log.showuser": "Show User Data in Log", + "log.showtarget": "Show Target Data in Log" } \ No newline at end of file diff --git a/modules-available/dozmod/templates/actionlog-log.html b/modules-available/dozmod/templates/actionlog-log.html index 09f3a183..8aa57207 100644 --- a/modules-available/dozmod/templates/actionlog-log.html +++ b/modules-available/dozmod/templates/actionlog-log.html 
@@ -18,7 +18,7 @@ {{#showActor}} {{#uuserid}} - {{ulastname}}, {{ufirstname}} + {{#allowedShowUser}}{{/allowedShowUser}} {{ulastname}}, {{ufirstname}}{{#allowedShowUser}}{{/allowedShowUser}} {{/uuserid}} {{^uuserid}} {{lang_system}} @@ -28,7 +28,7 @@ {{#showTarget}} {{#targeturl}} - {{targetname}} + {{#allowedShowTarget}}{{/allowedShowTarget}}{{targetname}}{{#allowedShowTarget}}{{/allowedShowTarget}} {{/targeturl}} {{^targeturl}} {{targetname}} diff --git a/modules-available/dozmod/templates/images-delete.html b/modules-available/dozmod/templates/images-delete.html index dd4c61bc..ed75a0d2 100644 --- a/modules-available/dozmod/templates/images-delete.html +++ b/modules-available/dozmod/templates/images-delete.html @@ -45,7 +45,7 @@ {{/images}} - + diff --git a/modules-available/dozmod/templates/mailconfig.html b/modules-available/dozmod/templates/mailconfig.html index 6edc65ae..d5d4db29 100644 --- a/modules-available/dozmod/templates/mailconfig.html +++ b/modules-available/dozmod/templates/mailconfig.html @@ -55,10 +55,10 @@
- + - +
diff --git a/modules-available/dozmod/templates/orglist.html b/modules-available/dozmod/templates/orglist.html index 361421c5..5224c962 100644 --- a/modules-available/dozmod/templates/orglist.html +++ b/modules-available/dozmod/templates/orglist.html @@ -41,7 +41,19 @@ function seto(action, el, orgid) { if (data !== '1' && data !== '0') { el.checked = !old; - box.parent().css('background-color', 'red !important'); + box.parent().css('background-color', ''); + /* show success notification */ + $notification = $('') + .addClass('glyphicon glyphicon-remove') + .css('color', 'red') + .css('width', '0px') + .css('position', 'relative') + .css('right', '20px') + .hide(); + box.before($notification); + $notification.fadeIn('fast', function () { + $notification.fadeOut('slow', function () { $notification.remove() }); + }); } else { el.checked = (data == 1); box.parent().css('background-color', ''); diff --git a/modules-available/dozmod/templates/runtimeconfig.html b/modules-available/dozmod/templates/runtimeconfig.html index cff61441..4d97ade0 100644 --- a/modules-available/dozmod/templates/runtimeconfig.html +++ b/modules-available/dozmod/templates/runtimeconfig.html @@ -113,7 +113,7 @@
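Review bot: `$notification` is assigned without `var` in the failure branch of `seto` in orglist.html, so it becomes an implicit global. Two rejected toggles in quick succession would share it, and the fade callbacks of the first would act on the second element and leave the first in the DOM. Declaring it locally (`var $notification = ...`) fixes that. The comment above it reads `/* show success notification */`, although this branch handles the rejected response and shows a red `glyphicon-remove`; `/* show failure notification */` would match. The element markup inside `$('')` is not visible on this page, and `seto` starts and ends outside the hunk.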
- +
diff --git a/modules-available/dozmod/templates/templates.html b/modules-available/dozmod/templates/templates.html index 4764c0e9..3ee0ccbc 100644 --- a/modules-available/dozmod/templates/templates.html +++ b/modules-available/dozmod/templates/templates.html @@ -80,12 +80,12 @@ {{/templates}} - +
- +